Hard2bit
SaaS · External posture · AI Agent Readiness · Free to start · No credit card

Hard2bit Scanner

Your external security posture and AI-agent readiness, in three minutes

While classic scanners check 5 things, Hard2bit Scanner runs 50+: HTTP headers, TLS configuration, email records (SPF/DKIM/DMARC/MTA-STS), DNS exposure, leaks in pastes and public repos, forgotten subdomains, vendor breach exposure, and 11 emerging AI Agent Readiness standards from 2025-2026. No agents, no internal access, fully passive.

25 automated controls per scan — 14 free, 11 Premium

First scanner to measure 11 emerging standards for AI agents

Results in 30-60 seconds, no install, no card required to start

SaaS product by Hard2bit S.L. · Spanish cybersecurity company headquartered in the Community of Madrid · 13 years in the field.

Time per scan

30-60 s

Full report with score, grade and prioritized findings

Controls per scan

25

14 free + 11 Premium across 6 security categories

Analysis model

100% passive

No agents, no access to private resources of the domain

What Hard2bit Scanner is

Hard2bit Scanner is the SaaS application from Hard2bit that continuously audits the public security posture of any domain — and, in the same scan, measures its readiness for the AI-agent era.

Every scan runs 25 automated controls across six categories — Network, Web, Identity, Data exposure, Reputation and Compliance — and delivers a report with score, grade, prioritized findings and concrete technical recommendations.

The analysis is 100% passive: no agents, no access to private resources, only public sources. Results in 30-60 seconds, no install, no card required to start.

Hard2bit Scanner stands apart from the market by including a unique AI Agent Readiness module that evaluates up to 11 emerging standards from 2025-2026 — territory most classic scanners do not yet cover.

Why Hard2bit Scanner

While classic scanners check 5 things, we check 50+

Hard2bit Scanner combines the usual EASM (External Attack Surface Management) controls with dedicated modules for leaks in pastes and repositories, supply-chain breaches with NIS2 traceability, AI dataset exposure, and the first commercial Agent Readiness block covering 11 emerging standards from 2025-2026.

Fully passive, no agents

No internal access and no technical authorization required to start. Just the domain. Results in under a minute.

25 controls, not 5

14 free controls across six categories and 11 Premium controls covering advanced exposure and supply chain.

First scanner with Agent Readiness

11 emerging 2025-2026 standards so your domain is ready for AI assistants and agents.

25 automated controls in every scan

14 free and 11 Premium, grouped in six categories. All passive, no internal access.

Current catalogue · No agents

Network

3 controls

TLS / SSL

Free

Certificate configuration, available protocols and ciphers, and known cryptographic weaknesses.

DNS health

Free

Server redundancy, DNSSEC, sensitive records and consistency across providers.

Exposed ports

⭐ Premium

Common ports reachable from the Internet that may expose admin services or management panels.

Web

5 controls

HTTP security headers

Free

Recommended headers against code injection, UI hijacking and traffic manipulation.

Detected technologies

Free

CMS, frameworks, libraries and server stack in use to flag outdated components.

Known public vulnerabilities (CVE)

Free

Cross-reference of detected technologies against public CVE databases.

Cookie configuration

Free

Cookie security attributes that could facilitate session theft if misconfigured.

Mixed content on secure pages

Free

HTTPS pages loading resources over insecure channels and exposing user data.

Identity

3 controls

Email security

Free

SPF, DKIM, DMARC, MTA-STS and other public mechanisms that authenticate outbound mail.

Domain status

Free

Expiration date, age, registrar and administrative status of the domain.

Certificate Transparency

Free

Certificates issued in public CT logs to detect unauthorized issuance.

Data exposure

8 controls

AI-era security posture

⭐ Premium

Posture against generative AI scrapers, training-data exposure and common AI-app endpoints left unprotected.

Exposed cloud storage

⭐ Premium

Cloud buckets and admin panels reachable from the Internet that could leak files or credentials.

Leaks in pastes and repositories

⭐ Premium

Mentions of the domain or associated credentials in public repositories and paste services.

Subdomain takeover risk

⭐ Premium

Subdomains pointing to abandoned external services that an attacker could claim.

AI dataset exposure

⭐ Premium

Domain content present in public archives that feed generative AI models.

AI bot blocking

Free

Configuration to block generative-AI scrapers (GPTBot, ClaudeBot, Google-Extended) via robots.txt, ai.txt and meta tags.

Certificate Transparency subdomains

⭐ Premium

Enumerates subdomains visible in CT logs and classifies them to surface dev/staging/admin environments.

Vendor breach exposure

⭐ Premium

Third-party vendors in use (CRM, marketing, analytics, CDN) with documented public breaches — NIS2 supply-chain traceability.

Reputation

1 control

Threat intelligence

Free

Presence of domain, IPs and mail servers in public spam, malware, phishing and botnet lists.

Compliance

3 controls

security.txt file

Free

Standard channel published so security researchers can responsibly report vulnerabilities.

Compliance signals

⭐ Premium

Public signals of best-practice adoption (cookies, privacy, GDPR, accessibility).

robots.txt file

Free

Internal paths inadvertently revealed and inconsistent indexing policies.

Unique differentiator · 11 standards · 2025-2026

AI Agent Readiness — get your domain ready for the agent era

Hard2bit Scanner is the first commercial scanner that measures the 11 emerging standards companies need so their sites are discoverable, interpretable and operable by AI agents. While competitors stay on classic security, we also prepare you for the next channel shift.

4 basic standards · Starter

What Starter covers

llms.txt

Emerging standard letting language models know which parts of the site they may consume and how.

sitemap.xml for AI

Sitemap useful not only for search engines but also for AI agents and crawlers.

Content-Signal

Signals about content type (informational, transactional, commercial) for generative assistants.

Public Markdown

Clean Markdown versions of content so AI agents consume it without presentation noise.

+7 advanced · Pro

What Pro adds on top

RFC 9727 — Discovery

Standardized discovery of service capabilities for external agents.

RFC 9728 — OAuth for agents

Authentication and authorization built for programmatic and agent-driven access.

MCP Server Cards

Model Context Protocol cards describing the server to a connected assistant.

Agent Skills

Catalogue of operable product capabilities an agent can invoke.

ai.txt and scraping policy

Explicit policy about generative model usage: training, inference, commercial, non-commercial.

Schema.org for AI

Structured markup engineered so agents can interpret entities, products, FAQs and pricing.

Agent-readable public APIs

Documentation, OpenAPI and endpoints designed for programmatic consumption by AI assistants.

These standards are not mandatory yet, but the organizations that adopt them first will win organic positioning, citations in generative answers and control over how models consume their content. Hard2bit Scanner tells you exactly which ones you already have and which ones you are missing.

How Hard2bit Scanner works

No install, no agents, no internal access. Three steps to a defensible technical diagnosis in under a minute.

1. Enter the domain

All we need is the URL. No credentials, no tokens, no prior setup.

2. We run 25 checks in parallel

Network, web, identity, data exposure, reputation, compliance and Agent Readiness — all in parallel.

3. You get a report with score and grade

Prioritized findings, evidence, technical recommendations and, on paid plans, a professional PDF export.

4. You rescan over time

90-day history on Starter and unlimited on Pro to track evolution. Recurring scans are on the roadmap.

Technical philosophy

Passive, defensible, reproducible

Hard2bit Scanner only queries public sources: DNS, HTTP headers, Certificate Transparency logs, threat-intelligence feeds and open data.

It runs no intrusive tests, does not saturate the scanned service and does not require technical authorization from the domain owner to begin.

If a finding requires manual validation with controlled exploitation, the natural next step is a professional pentest — a service the Hard2bit team has delivered since 2013.

Important

The scanner measures public posture. It does not replace a manual audit with contractual scope, a pentest or an internal review.

Real-world use cases

Who is already using Hard2bit Scanner and why — and why it fits a small consultancy as well as a corporate IT team.

External consultant or auditor

Quick diligence on prospects, complementary technical evidence for NIS2, DORA, ENS or ISO 27001 reports, and pre-engagement validation before the formal kick-off.

CISO or internal IT team

Continuous monitoring of your own external posture, shadow-IT subdomain inventory, vendor breach watch and technical reporting for the steering committee.

MSP and managed service provider

Scanner across your client portfolio, a complement to the SOC, control of exposed surface and a recurring technical deliverable under your own brand.

Technical marketing team

Check Agent Readiness, content exposure to generative models and positioning for the era of AI assistants and answer engines.

Simple pricing, no commitment

Free plan, no credit card. Cancel anytime. Full refund within 14 days of the first charge, no questions asked.

Full detail on scan.hard2bit.com

Anonymous

Free

1 scan / 24h per IP

  • Score and grade
  • 3 non-priority findings
  • No full detail

Free

€0

/ month · 3 scans per month

  • 3 scans per month
  • Full score and grade
  • Detailed findings on free checks
  • Preview findings on Premium checks
Most popular

Starter

€19

/ month · 20 scans per month

  • 20 scans per month
  • All Premium checks fully unlocked
  • Shadow IT subdomain inventory
  • Vendor breach alert (NIS2)
  • Professional PDF export
  • Basic Agent-Readiness (4 standards)
  • 90-day history
  • Email support

Pro

€29

/ month · 60 scans per month

  • 60 scans per month
  • Full Agent-Readiness (11 standards)
  • Unlimited history
  • Priority support
  • Coming soon: score evolution
  • Coming soon: recurring scans
  • Coming soon: email alerts

Need higher volume, an API or a custom integration? Talk to the team for an Enterprise plan.

Who is behind it

A product of Hard2bit S.L., a Spanish cybersecurity company with 13 years of track record

Hard2bit Scanner is built and operated by the same team that has delivered managed SOC, pentesting, incident response and NIS2 readiness to corporate clients and public administration since 2013.

The company is certified to five ISO standards, accredited at ENS High category and an active member of four sector associations. That corporate authority is what stands behind every scan.

Accreditations

Certifications and memberships

Certifications

ISO 27001 · ISO 9001 · ISO 14001 · ISO 22301 · ISO 20000-1 · ENS High

Memberships

ISMS Forum · CyberMadrid · ASLAN · UN Global Compact

The next step

Found critical issues? The Hard2bit team can help you remediate them

Hard2bit Scanner is a starting point. When the report exposes real risk or gaps that require manual intervention, the Hard2bit team can take over with professional services.

Frequently asked questions about Hard2bit Scanner

Direct answers for CISOs, internal IT teams, consultants, MSPs and security leaders evaluating whether Hard2bit Scanner fits their operation.

What is Hard2bit Scanner?

Hard2bit Scanner is a SaaS application developed by Hard2bit S.L. that evaluates the public security posture of any domain through 25 automated controls across six categories — Network, Web, Identity, Data exposure, Reputation and Compliance — and additionally measures the domain's readiness for the AI-agent era with up to 11 emerging standards.

Is it really free to start?

Yes. The Anonymous tier allows one scan every 24 hours per IP with no signup. The Free plan is permanent and gives you three scans per month with full score, grade and detailed findings on the 14 free checks, plus preview findings on Premium checks. No credit card required to start.

What privacy guarantees do I get about my domain?

Analysis is 100% passive. Hard2bit Scanner installs no agents, accesses no private resources and runs no intrusive tests. It only queries public sources: DNS, HTTP headers, Certificate Transparency logs, threat-intelligence feeds and open data. Hard2bit S.L. is the data controller under GDPR.

Can I scan client or third-party domains?

Yes. Because the analysis is passive and based on public information, it does not require explicit authorization from the domain owner. We still recommend informing the client beforehand. If your contractual relationship with the client requires formal authorization, obtain it before scanning.

How does Hard2bit Scanner differ from pentesting?

Pentesting is a manual engagement with controlled exploitation of vulnerabilities inside a contractual scope. Hard2bit Scanner is an automated passive analysis of the public posture, useful as continuous visibility and as the entry point to pentesting when a finding justifies it. They are complementary, not substitutes.

Is it valid as audit evidence for NIS2, DORA or ENS?

It is a complementary source of technical evidence. The report documents the externally observable posture at a point in time and leaves traceability of findings about public surface, supply chain and configuration of headers, DNS and email. Formal audit defense should combine this with the rest of the ISMS or in-scope system evidence.

What is Agent Readiness and why does it matter?

Agent Readiness measures whether a website is prepared to be discovered, interpreted and operated by AI agents. Hard2bit Scanner evaluates up to 11 emerging standards from 2025-2026 (llms.txt, Content-Signal, MCP Server Cards, Agent Skills, RFC 9727 and 9728, among others) — territory most classic scanners do not yet cover.

Is there an API to integrate the scanner?

Hard2bit Scanner is currently operated through its web interface. A public API is on the roadmap and will be released first for Pro and Enterprise customers. If you need integration with a SIEM, ticketing system or in-house portal, write to info@hard2bit.com to discuss a custom plan.

How does plan switching work if I need more volume?

A Starter → Pro upgrade is prorated and charges only the difference for the current period. A Pro → Starter downgrade takes effect at the end of the paid period. There is no commitment: you can cancel anytime and keep access until the current billing cycle ends.

What happens if the scanner finds critical issues?

Hard2bit Consulting can take over the remediation with professional services: technical pentesting, incident response, NIS2/DORA/ENS readiness, infrastructure audit, cloud and Microsoft 365 hardening. It is the natural next step when the public posture reveals issues that require manual intervention.

Do you refund if the product doesn't work for me?

Yes. You have 14 days from the first charge to request a full refund with no need to justify the reason. Write to support@hard2bit.com and we process refunds within 24-72 hours.

Who is behind Hard2bit Scanner?

Hard2bit Scanner is a product of Hard2bit S.L., a Spanish cybersecurity company founded in 2013, headquartered in the Community of Madrid. Hard2bit is certified to ISO 27001, ISO 9001, ISO 14001, ISO 22301 and ISO 20000-1, accredited to ENS High category, and a member of ISMS Forum, CyberMadrid, ASLAN and UN Global Compact.

Get started

Run your first scan now — free, no card, in 30 seconds

Enter your domain and get score, grade, prioritized findings and recommendations in under a minute. No install, no commitment.

14-day full refund · no commitment